[Bug 465955] New: X: client 21 rejected from local host; resp. KDEINIT could not launch ...
https://bugzilla.novell.com/show_bug.cgi?id=465955 Summary: X: client 21 rejected from local host; resp. KDEINIT could not launch ... Classification: openSUSE Product: openSUSE 11.1 Version: RC 2 Platform: x86-64 OS/Version: openSUSE 11.1 Status: NEW Severity: Major Priority: P5 - None Component: KDE3 AssignedTo: kde-maintainers@suse.de ReportedBy: volker.barth@ltm.uni-erlangen.de QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121300 SUSE/3.0.5-1.1 Firefox/3.0.5 Under KDE 3.5 it is from time to time impossible to open any new windows (kwrite, konsole, Firefox, even starting screensaver). A message box pops up: "KDEInit kann "konsole" nicht starten" (KDEInit could not launch "konsole"). In /var/log/Xorg.0.log I get for each try a line like AUDIT: Tue Jan 13 18:13:55 2009: 2700 X: client 21 rejected from local host ( uid=.. gid=.. pid=.. ) This happens - as I already wrote - from time to time, not regularly. Sometimes twice a day, sometimes once a week. Same thing with the duration: sometimes only half a minute, sometimes half an hour. I have no idea what causes this problem, respectively how to reproduce it. A workaround is to enter in a already running konsole "xhost +localhost". After this it is again possible to open new windows. Reproducible: Couldn't Reproduce Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
Vorname Nachname
https://bugzilla.novell.com/show_bug.cgi?id=465955
User stbinner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c1
Stephan Binner
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c2
--- Comment #2 from Vorname Nachname
How do you start the applicatios (shell, start menu, ...)?
Using the button of kicker, "run command" (alt+f2) or an already running konsole.
It happens also for Firefox!? Then you also get the "kdeinit warning"?
No, when trying to start FF just nothing happens. No error message and no window either. I wrote it a bit unclear. The messagebox appears when trying to start e.g. konsole. When trying to start the screensaver I use the "Miniprogramm" (mini applet in english?) I added to kicker, then there is no message box too, only the screen is not locked.
When it doesn't work next time try a "simple" application like xterm. Does it start?
I will as soon as there is a possibility to. Some other things I noticed today: First: when executing "xhost +localhost" I got a No protocol specified xhost: unable to open display ":0.0" and executing "xauth list" gave xauth: /home/iwtm05/.Xauthority not writeable, changes will be ignored however this file definitely belongs to me and I have both write and read permissions. Some seconds later, after everything worked normal again, "xhost +localhost" worked as it is supposed to (granting localhost access) and "xauth list" did not give any error messages. The homes are distributed over NFS can this be a problem? Second: I wrote a dumb bash script opening and killing a konsole in an endless loop all the time. And within roughly four hours this script was three times unable to launch a konsole because of the reported problem. So it looks like this happens more frequently than I thought, only I did not recognize it in the past. Third: I do not know if this helps, but this error was/is not present up to 10.3 and it was (is?) present in 11.0. (I did not deploy 11.0 widely because of an unusable nscd, glad I am rid of it in 11.1) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c3
--- Comment #3 from Vorname Nachname
When it doesn't work next time try a "simple" application like xterm. Does it start?
No, same problem using an already running konsole: ~ $ xterm No protocol specified xterm Xt error: Can't open display: :0.0 and in /var/log/Xorg.0.log the usual AUDIT: Wed Jan 14 14:45:30 2009: 2648 X: client 5 rejected from local host ( uid=.. gid=.. pid=..) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
Stephan Binner
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c4
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c5
--- Comment #5 from Vorname Nachname
Your ~/.Xauthority appears to be broken - for whatever reasons.
Can this happen during working at the machine? Or would it solve the problem if I delete the .Xauthority and start with a fresh one?
Such issues are very hard to reproduce. I suggest to make a copy when you start a Xsession and copy it back to ~/.Xauthority when this issue occurs.
But exactly here lies the problem. I do not always have a konsole or xterm open. So when I discover that there is something amiss, I will be unable to copy any files (unless I switch to text console, but this would be quite unconvenient).
I'm sorry, that I don't have a better proposal at this point. Hope it helps nevertheless.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c6
--- Comment #6 from Stefan Dirsch
(In reply to comment #4)
Your ~/.Xauthority appears to be broken - for whatever reasons.
Can this happen during working at the machine?
Yes, this happened to me. But I never was able to reproduce it by intention to investigate this issue. :-(
Or would it solve the problem if I delete the .Xauthority and start with a fresh one?
For this you would need the keys, which are only known by displaymanager or root user.
Such issues are very hard to reproduce. I suggest to make a copy when you start a Xsession and copy it back to ~/.Xauthority when this issue occurs.
But exactly here lies the problem. I do not always have a konsole or xterm open. So when I discover that there is something amiss, I will be unable to copy any files (unless I switch to text console, but this would be quite unconvenient).
Maybe you can create it in your ~/.xinitrc without user intervention. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c7
--- Comment #7 from Vorname Nachname
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c8
--- Comment #8 from Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c9
--- Comment #9 from Volker Barth
Apparently the file exists, but it is not writable. This is what is tested in source code of xauth right before printing this message. Sounds very likely like an issue related to NFS/LDAP.
I think I finally found a solution for the NFS/ssh problem on the web: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/269954 One modification is needed for openSuSE, hence I get the following (no problems opening windows since over a week). adding in .bashrc: --- snip --- if [ -n "$SSH_CLIENT" ] ; then export XAUTHORITY=$HOME/.Xauthority-$HOSTNAME fi --- snap --- adding in .ssh/rc: --- snip --- if [ -n "$DISPLAY" ] ; then if read proto cookie ; then case "$DISPLAY" in localhost:*) /usr/X11R6/bin/xauth -f $HOME/.Xauthority-$HOSTNAME add unix:$(echo $DISPLAY | cut -c11-) $proto $cookie ;; *) /usr/X11R6/bin/xauth -f $HOME/.Xauthority-$HOSTNAME add $DISPLAY $proto $cookie ;; esac fi fi --- snap --- -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c10
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=465955
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c11
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=465955
User eich@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c12
Egbert Eich
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c13
--- Comment #13 from Volker Barth
OK, so the workaround described in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/269954 works. Volker, do you see any of the other symptoms described in this report?
Which do you mean exactly? Like written in comment #2, when starting an application I always got: No protocol specified xhost: unable to open display ":0.0" not the identical message, but fairly identical for me. The symptom about sometimes it did work, sometimes it did not: definitely yes, that made it for a long time a bit hard to track down. The workaround 'cd ; ls' getting things going again: no idea, never tried this at that time because I did not know of this trick.
Can you verify that it is NFS that breaks the access to your .Xauthority file?
I cannot really verify it. I'd have to move my complete home to my local disk, which would mean quite some changes in the configuration. Problem is, this is my computer at work, playing around with it is no good idea because I need it in a working state.
You can dump the content with 'xauth -list'. What changes when you do this after access breaks?
see comment #2: "xauth list" gave me: xauth: /home/iwtm05/.Xauthority not writeable, changes will be ignored iirc, the content which was dumped looked ok to me, the file was just not properly accessible, although "ll .Xauthority" showed me as owner and access rights were set properly (rw). I am quite unsure about the following, but iirc after doing the ll I was able again to open windows. Which would confirm the trick described in the ubuntu link above (cd;ls).
Please try this from the home directory mounted to the machine where things break.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c14
Stefan Dirsch
(In reply to comment #12)
OK, so the workaround described in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/269954 works. Volker, do you see any of the other symptoms described in this report?
Which do you mean exactly?
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/269954/comments/4 Egbert, Olaf, Who's the right person to assign this NFS problem? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User bernet@physik.unizh.ch added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c15
Roland Bernet
https://bugzilla.novell.com/show_bug.cgi?id=465955
User okir@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c16
Olaf Kirch
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c17
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=465955
User tiwai@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c18
--- Comment #18 from Takashi Iwai
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c19
--- Comment #19 from Volker Barth
In my case, the nfs server (not mount) option "subtree_check" helped. Add it in /etc/exports appropriately. For example, my config looks like: /home @myhosts(rw,async,no_root_squash,subtree_check)
But "man exports" states: As a general guide, a home directory filesystem, which is normally exported at the root and may see lots of file renames, should be exported with subtree checking disabled. A filesystem which is mostly read-only, and at least doesn't see many file renames (e.g. /usr or /var) and for which subdirectories may be exported, should probably be exported with subtree checks enabled. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User tiwai@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c20
--- Comment #20 from Takashi Iwai
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c21
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c22
--- Comment #22 from Volker Barth
I know it. But actually this option seems to have some impact on this buggy behavior apparently. At least, you can give it a try.
ok, added subtree_check in /etc/exports on nfs server; undid my modification in bashrc and .ssh/rc; let's wait and see what happens -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c23
Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User bernet@physik.unizh.ch added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c24
--- Comment #24 from Roland Bernet
https://bugzilla.novell.com/show_bug.cgi?id=465955
User bernet@physik.unizh.ch added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c25
--- Comment #25 from Roland Bernet
xterm No protocol specified xterm Xt error: Can't open display: :0.0
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c26
--- Comment #26 from Volker Barth
(In reply to comment #20)
I know it. But actually this option seems to have some impact on this buggy behavior apparently. At least, you can give it a try.
ok, added subtree_check in /etc/exports on nfs server; undid my modification in .bashrc and .ssh/rc; let's wait and see what happens
adding subtree_check on server side did not help, got stuck again today. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c27
Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c28
--- Comment #28 from Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c29
--- Comment #29 from Volker Barth
Does setting "X11UseLocalhost no" in /etc/ssh/sshd_config and restarting sshd help?
I'll test and report back. (In reply to comment #28)
Irrespective of the previous comment, got a clue just now. Check if the export has "root_squash". If so, the filesystem is exported in a way the causes 'root' accesses to be treated as accessed by 'nobody'. So if you try to access a setuid binary then you might be seeing this error. Changing the export option to "no_root_squash" can fix this.
The server exports the home indeed with the option "root_squash". We set this option with purpose, so that only root on the server has root rights and root from a remote machine cannot access the home folder with root rights (thus preventing damage to the home folder out out carelessness or a hijacked remote machine). Changing it would open a kind of a security leak. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User tiwai@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c30
--- Comment #30 from Takashi Iwai
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c31
--- Comment #31 from Volker Barth
Does setting "X11UseLocalhost no" in /etc/ssh/sshd_config and restarting sshd help?
No. Changed the mentioned setting on a remote machine, failed starting X apps after a while at the known point. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c32
Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c33
Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c34
Volker Barth
When you're seeing the issue, can you please nfs client side debugging by doing(as root):
dmesg -c #clear ring buffer rpcdebug -m nfs -s vfs pagecache # enable nfs debugging start xterm (hit the issue) dmesg > nfs-debug.log
and attach nfs-debug.log?
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c35
Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c36
Volker Barth
Sorry, I missed asking you to enable lookupcache.. I also could not reproduce it myself (run for 4 hrs now).
depends on your "luck"; as I wrote in one of my first posts, it can work for days without problems. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c37
--- Comment #37 from Volker Barth
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c38
--- Comment #38 from Volker Barth
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c39
--- Comment #39 from Volker Barth
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c40
--- Comment #40 from Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c41
--- Comment #41 from Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c42
--- Comment #42 from Volker Barth
Created an attachment (id=275325) --> (https://bugzilla.novell.com/attachment.cgi?id=275325) [details] Proposed patch
Could you please apply this patch and see whether it fixes the issue for you?
still compiling, I'll report back as soon as I have the new kernel running.
Also, if possible see whether the reproducer that I mentioned in the above comment helps you reproduce the problem for you always and update.
Yes, following the steps listed in comment #40 the problem is reproducible under 11.1, too. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c43
--- Comment #43 from Volker Barth
(In reply to comment #41)
Created an attachment (id=275325) --> (https://bugzilla.novell.com/attachment.cgi?id=275325) [details] [details] Proposed patch
Could you please apply this patch and see whether it fixes the issue for you?
still compiling, I'll report back as soon as I have the new kernel running.
Also, if possible see whether the reproducer that I mentioned in the above comment helps you reproduce the problem for you always and update.
Yes, following the steps listed in comment #40 the problem is reproducible under 11.1, too.
Finally have the patched kernel running. Looks promising. Using the steps in comment #40 I am no longer able to trigger the problem; still able to open new windows. I will work on with the patched kernel and report back in some days with longer time experience. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c44
Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c45
--- Comment #45 from Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User volker.barth@ltm.uni-erlangen.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c46
Volker Barth
Did this problem go away? Or It still occurs?
I'd have reported back later this day anyway. The ssh/NFS problem is solved, I'd say. Working one week with the patched kernel, I never had any problems. Good work. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c47
--- Comment #47 from Suresh Jayaraman
https://bugzilla.novell.com/show_bug.cgi?id=465955
User sjayaraman@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=465955#c48
Suresh Jayaraman
participants (1)
-
bugzilla_noreply@novell.com